Struggling with root, been looking for odd services all day, nothing is sticking out like a sore thumb
Is there something in the home folder which you wouldn’t expect to see? is it related to a running service? If you have the ability to write to the thing in the folder and the service is running, there is an attack you can try.
can somebody plz point me to something i can read on the foothold? I dont understand the hints and can’t think of anything i can do to the login/registration =(
Thanks @MrR3boot
User was a apinful fun that took hours.
Root was straight even if diffcult to trigger on free server cause many people working at the same time
Happy when I found out same old exploit worked all the time, just other users got in the way…
But: I got the private key, unable to get it into the right format, tried various bash tools and graphics design software to extract the text from PDF - invalid format. The key looks good otherwise, header and footer intact.
The page width might be cutting off bits.
Yes I noticed that right away. That why I tried multiple tools, but linebraks and blank spaces are messed up. Which tool did you use? I tried pdf2text and Affinity Photo, Okular & Foxit PDF
you dont need any software for that… <"pre+…
I think it would be better to change the font size
Hi guys! I am trying to login in the admin panel, but I can’t understand what I am missing. Can you please help me, send me some message or something like that?
Thank you so much!
Hi guys! I am trying to login in the admin panel, but I can’t understand what I am missing. Can you please help me, send me some message or something like that?
Thank you so much!
If you don’t have default admin creds, create you own
Hi guys! I am trying to login in the admin panel, but I can’t understand what I am missing. Can you please help me, send me some message or something like that?
Thank you so much!
If you don’t have default admin creds, create you own
Thank you, I got them. Now I’m stuck at the next point.
Stuck on admin part, I think the injection comes from the params instead of the file itself, but haven’t found a language or payload which works so far. php returns no output. Any nudge would be appreciated
Stuck on admin part, I think the injection comes from the params instead of the file itself, but haven’t found a language or payload which works so far. php returns no output. Any nudge would be appreciated
Sounds like you are kinda on the right track. PM me if you need a hand.
■■■■! This one makes me feel so stupid… still stuck at first step, i think i know WHAT i have to do, but i don’t know HOW exactly.
The hints in the comments, reinforce the feeling i’m in the good direction. But still hitting my head against a wall with any new thing i try.
After the inital foothold (and reading some comments) two possible ways to get admin access came out instantly. To get it, i need:
Insert or update my user record, with elevated privileges (admin role)
Update legit admin record, setting new (custom) password
Not sure how the admin role is stored in user record (if it’s a literal, a related table, an enum, a string, etc…), so i think, the other way looks easier, at least locating the admin record in all the records should be easy as we have a way to “locate” it (a···n@b··k.htb)… but i was wrong as everything i try don’t work…
Tried forcing the user e···l when register a new user, updating user’s r··e and e···l from p······.php, i tried param pollutionn in every form, register from the hidden panel in /a···n/, try to trunk the strings with null, CRLF, etc…, tried sql (and others) injections, with identical results…
Nothing at all worked for me, now i’m stuck and my brain is blocked with this, so i can’t think clearly about it or focus in what i’m missing while i’m dealing with this frustration…
Any help that points me in the right direction or if i’m completely and desperately lost? any mistake in my thoughts?
Nothing at all worked for me, now i’m stuck and my brain is blocked with this, so i can’t think clearly about it or focus in what i’m missing while i’m dealing with this frustration…
Any help that points me in the right direction or if i’m completely and desperately lost? any mistake in my thoughts?
This is difficult without being over-spoilery.
You are in the right injection. There are other attacks than injection.
You need to create a user in a way that allows you overwrite the admins login credentials. Try doing this, find out what prevents, then try to bypass that. Dont try to imagine the attack all at once.
Nothing at all worked for me, now i’m stuck and my brain is blocked with this, so i can’t think clearly about it or focus in what i’m missing while i’m dealing with this frustration…
I was on the same place as you, until i read your comment. Indeed, it’s difficult to talk about it without spoiling.
You do have all the things required. Update what you need then perform a different action on the other panel that you mentioned.
Guys i dont know how you managed to be logged in as who we should be . My victory lasted 3 mins then reset and overwrites all the time .
Other than that the principle of exploitation and the concept is cool .Too bad we cannot utilize it properly
Nothing at all worked for me, now i’m stuck and my brain is blocked with this, so i can’t think clearly about it or focus in what i’m missing while i’m dealing with this frustration…
I was on the same place as you, until i read your comment. Indeed, it’s difficult to talk about it without spoiling.
You do have all the things required. Update what you need then perform a different action on the other panel that you mentioned.
Also, thanks for the unintended nudge
Thanks for your answer, happy to hear i’ve helped in anything hehehehe even if it wasn’t my original intention
Not sure if i understand what you say… do you mean that there is some kind of race condition, where time is relevant to success?